Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Cybersecurity & Data Breaches

FCC Seeks Comment on Cybersecurity Recommendations for Communications Providers

CSRIC LogoThe U.S. Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau (Bureau) has requested public input on a recent report on Cybersecurity Risk Management and Best Practices (Report) by the Communications Security, Reliability and Interoperability Council (CSRIC) for communications providers.  The Report represents the latest example of the U.S. government’s continued attention to these issues following the President’s 2013 Executive Order on Improving Critical Infrastructure Cybersecurity.  Comments are due May 29, with replies due June 26. Continue Reading

Posted in International/EU Privacy

Hong Kong Privacy Commissioner for Personal Data Issues Guidance on the Use of Drones

shutterstock_149083385On 29 March, the Hong Kong Privacy Commissioner for Personal Data (the “Commissioner”) published a guidance note that supplements previous guidance on the use of closed circuit television systems and for the first time addresses the increasing use of  unmanned aircraft systems (UAS, or, more popularly, drones).  The Commissioner’s guidance is the first significant regulatory engagement on the use of UAS by a Hong Kong regulator. Continue Reading

Posted in International/EU Privacy

Recording and Deck from Webinar: Update on New Russia Data Localization Law

Russian-ServersThank you to everyone who participated in the Hogan Lovells webinar “Russia Data Localization Update: New Details Emerge from Meetings with Russian Regulator” on 2 April 2015. This update follows an October 2014 presentation that outlined Russia’s newly enacted Data Localization Law. In this webinar, Hogan Lovells privacy and data protection attorneys Natalia Gulyaeva and Bret Cohen provided insight into the expectations of Russian regulators as the September 2015 implementation deadline approaches.

To access the a copy of the slide deck, click here.

To access the recorded webinar, click here (1 hr 17 mins — the webinar will start to play automatically).

Stay tuned to the blog for future updates on the law, including any future formal guidance from the Russian government.

Posted in Consumer Privacy, Privacy & Security Litigation

Court Allows FTC to Move Forward in “Common Carrier” Exemption Case

phone-shutterstock_74168194-250Katherine Armstrong, Counsel in our Washington, D.C. office, contributed to this post.

Last week, U.S. District Court Judge Edward M. Chen denied AT&T Mobility’s motion to dismiss the Federal Trade Commission’s (FTC’s) October 2014 complaint alleging that AT&T engaged in unfair and deceptive practices in connection with its retail mobile broadband data services. AT&T argued that its status as a common carrier makes it exempt from enforcement of the FTC Act. The court disagreed. At issue is the scope of the common carrier exemption.

Continue Reading

Posted in Consumer Privacy, International/EU Privacy

Canada’s Anti-Spam Law: First CASL Enforcement Action Brings $1.1 Million Penalty

anti spamEarlier this month, the Canadian Radio-television and Telecommunications Commission’s (“CRTC’s”) Chief Compliance and Enforcement Officer issued a Notice of Violation and $1.1 million penalty to Compu-Finder for four violations of the Canadian Anti-Spam Legislation (“CASL”).  Although Compu-Finder was apparently engaged in “flagrant” CASL violations, according to the Chief Compliance and Enforcement Officer, the CRTC also confirmed that it is assessing CASL complaints and that “a number of investigations are currently underway.”  Therefore, organizations engaging with individuals located in Canada should review their communications and marketing practices for compliance under CASL and other applicable law. Continue Reading

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Executive Order Authorizes Economic Sanctions as New Tool for U.S. Cyber Defense

500px-US-WhiteHouse-LogoOn 1 April 2015, President Obama signed an Executive Order (the Order) authorizing the imposition of sanctions on individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities constituting a significant threat to the national security, foreign policy, or economic health or financial stability of the United States. The Treasury Department’s Office of Foreign Assets Control (OFAC) simultaneously released FAQs related to the Order. The White House, in a statement by President Obama and in FAQs on the White House Blog, explained that the Order will be used to impose targeted sanctions against the “worst of the worst” malicious cyber actors, as well as companies that knowingly use stolen trade secrets.  Continue Reading

Posted in Cybersecurity & Data Breaches

Hogan Lovells’ IAPP Tracker Post Highlights Data Security and Breach Notification Legislation in Congress

congress-logo-315x314The following piece, written by the Hogan Lovells privacy team, was posted to the International Association of Privacy Professionals’ (IAPP) Privacy Tracker on March 31. The post, Data Security and Breach Notification Legislation Gaining Traction in Congress,  is reprinted in its entirety below with permission from the IAPP.

For more than a year now, we have been hearing that the spate of highly-publicized data breaches could lead to federal data security and data breach legislation. On March 25, the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade took action that brings us closer to seeing that prediction become a reality. In this post, we take a closer look at the bipartisan legislation approved by the subcommittee—the Data Security and Breach Notification Act of 2015 (DSBN) — and discuss five key provisions that are likely to be at issue as the legislation moves forward. Continue Reading

Posted in International/EU Privacy

The Netherlands: New Rules for Cookies, Data Breaches and Fines

Netherlands FlagRecently, new rules on cookies (all links in Dutch) came into force in the Netherlands. In addition, the Dutch Second Chamber approved a draft bill to introduce a mandatory data breach notification requirement and to strengthen the Dutch Data Protection Authority’s investigative and fining powers. The new rules apply to all companies acting as a “data controller” within the meaning of the Dutch Data Protection Act. The Dutch First Chamber has announced that it plans to review this draft bill as soon as possible. Continue Reading

Posted in Consumer Privacy

U.S. FCC Decision Triggers Potential Sea Change in Broadband ISP Data Privacy and Security Requirements

FCC Logo

In its recent Open Internet Order (“Order”), the U.S. Federal Communications Commission (FCC) determined that broadband Internet access services are appropriately classified as common carrier “telecommunications services” under the Telecommunications Act of 1996.  In doing so, the agency established itself as the primary U.S. data privacy and security regulator for those services and triggered additional requirements under the Act.  It also promised a future rulemaking that could result in a sea change in how ISPs and their business partners interact with consumer data.  Although the decision is widely expected to be appealed in court, organizations operating across the broadband ecosystem would be prudent to assess the potential impact on their current and planned online service portfolio. Continue Reading

Posted in International/EU Privacy

Russia Data Localization Law Update and Webinar: New Details Emerge from Meetings with Russian Regulator

Russian-Servers

With the September 2015 effective date of Russia’s Data Localization Law less than six months away, the Russian data protection authority, Roskomnadzor, has still not issued any formal guidance on how it interprets the law’s broad requirement that companies must process and store the personal data of Russian citizens within Russia.  Roskomnadzor has, however, recently held a series of meetings with different industry groups about the law.  While Roskomnadzor’s views as expressed in these meetings do not constitute a formal position, they provide insight into how the regulator is likely to interpret the law. Continue Reading